SELinux Permission Documentation

[Stephen Smalley]

On Tue, 2007-06-05 at 11:59 -0700, Ken wrote:
> Ken wrote:
> > What can be sent and received as rawip to and from kernel_t, and what 
> > are the limitations of what can be done with the data?  I am interested 
> > in understanding the security implications of this (and other) SELinux 
> > permissions.  Is there anyone who can direct me to reference materials 
> > that explain the security implications of allowing various SELinux 
> > permissions?
> > 
> Update:
> It appears that allowing rawip did not fix the problem, but that it was 
> only a coincidence that the site worked for me after making the change; 
> so understanding this permission is now less important to me.
> 
> 
> I am assuming that since no one answered any of my emails regarding 
> permission documentation that there is none.  With this this in mind, I 
> have a suggestion for those who have a good understanding of SELinux: 
> Please create documentation that will allow an individual to research 
> and understand the security implications of various permissions without 
> the need for taking the time to gain an extensive knowledge of the LSM 
> and SELinux.  This would be very helpful to me (and I am sure to many 
> other people as well) since I only want to learn what I need to in order 
> to secure my system, and having a source of information would eliminate 
> the need to know enough to extract the information myself.

Hi,

There are some resources available, but not quite in the form that I
think you wanted.

1) Reference policy documentation of its modules and interfaces
locally viewable by running /usr/share/selinux/devel/policyhelp, or at:
http://oss.tresys.com/docs/refpolicy/api/
I think that this is really more suited to what you want, except that it
is done on the higher level abstractions/interfaces of refpolicy instead
of the individual permissions (and it needs more detail).

2) Overview of Classes and Permissions
http://www.tresys.com/selinux/obj_perms_help.html
These describe the meaning of the classes and permissions, but only in
general terms, not for specific domains/types.

3) SELinux Policy Writing Class Slides
http://www.tresys.com/selinux/selinux-course-outline
(click on the slide titles to download them)
This helps with understanding the policy constructs in general, but
won't give much detail about individual classes/perms except for the
specific cases covered.

4) SELinux by Example book
http://www.phptr.com/bookstore/product.asp?isbn=0131963694&rl=1
This has an appendix much like the overview in (2), but like (3), I
think most of this book is more oriented toward the policy concepts and
constructs than the individual classes/perms.

5) Original SELinux tech report
http://www.nsa.gov/selinux/papers/slinux-abs.cfm
This was the original description of the classes and permissions and
their rationales, although there have naturally been changes over time.

6) LSM-based SELinux tech report
http://www.nsa.gov/selinux/papers/module-abs.cfm
This described how the implementation changed for LSM and mapped the LSM hooks
to SELinux permission checks, so while it can be useful in understanding
the checks, it is too tied to the implementation to really meet your
request.

I think we'd all agree that better end user documentation is needed.

-- 
Stephen Smalley
National Security Agency